The Traders' Den  

  The Traders' Den > Where we go to learn ..... > Technobabble


Technobabble Post your general Need for Help questions here.
Lossy or Lossless?

Thread Tools
Old 2007-11-20, 10:34 AM
sjmike's Avatar
sjmike sjmike is offline
Metallica Trader
278.29 GB/414.43 GB/1.49
Join Date: Nov 2004
Location: San Jose, CA
Icon4 Multiple Vulnerabilities In .FLAC File Format and Various Media Applications

That there are multiple critical vulnerabilities in the Free Lossless Audio Codec (FLAC) library has been known since September. However, until now no mention has been made concerning which products use the library and are potentially vulnerable. US-CERT has rectified this omission in an advisory that incudes a list of affected products. The list includes Cog, dBpoweramp, Foobar2000, jetAudio, PhatBox and Yahoo products (probably the Yahoo! Music Jukebox). In Winamp, the vulnerability has been fixed since version 5.5, in libFLAC since version 1.2.1.

Security services provider eEye has released an overview of all 14 known vulnerabilities in libFLAC parsers in a new security advisory. Almost all of these are due to buffer overflows. Many can be exploited to inject and execute code using crafted meta data in FLAC files. [Update] As well as the products named, players based upon the open source libavcodec audio codec library also can be affected by the vulnerability. They can be linked against libFLAC for FLAC support. [/Update] These include MPlayer, VLC Media Player, GStreamer, ffdshow, xmms and xine.

Until updates are made available, users should only play FLAC files from trusted sources. To date, however, FLAC files are rarely seen in the wild. US rapper Saul Williams is one of the few artists who does offer a losslessly compressed version of his latest album "The Inevitable Rise and Liberation of NiggyTardust!" in FLAC format as a download.

See also:
Interested in trading Metallica Videos? If so check out my trading site:
Reply With Quote Reply with Nested Quotes
Old 2007-11-20, 02:38 PM
Five's Avatar
Five Five is offline
TTD Staff
186.65 GB/588.32 GB/3.15
Join Date: Oct 2004
Location: Canada
Re: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications

vulnerabilities have been fixed for some time now. update flac if you need to

libFLAC version 1.2.1 was released in September, 2007, fixing these vulnerabilities for most vulnerable applications. Unfortunately, many vendors that were using libFLAC within their media applications or using their own homegrown FLAC file parsers had not been informed that their FLAC file parser was vulnerable. Because of that, the release of this advisory was postponed until all vulnerable vendors were contacted in coordination with US-CERT.
Checksums Demystified EAC Config MakeTorrent WinAmp Config

Modern social theory casts a highly skeptical eye on any declaration that a group of persons is without conflict, and insists, on the contrary, that conflict is natural to groups, and even more, is essential to them. -Patrick Henry
Reply With Quote Reply with Nested Quotes
Old 2007-11-20, 08:53 PM
Kush's Avatar
Kush Kush is offline
active taper
198.79 GB/239.51 GB/1.20
Join Date: Nov 2004
Location: Lost in the Pocono Mtns.
Re: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications

Is the current version of TLH free of these .flac vulnerabilities? I love the convenience of a single program for all trader-related stuff.
The Grateful Dead... Rock 'n Roll for madmen.

Catch you on the flipside!

AKG SE 300 b (CK91/CK93) > Segue Dogstar Silver-Clad XLRs > Busman Transparency mod Tascam HD-P2 (24 bit 48 kHz)
Reply With Quote Reply with Nested Quotes

The Traders' Den > Where we go to learn ..... > Technobabble

Similar Threads
Thread Forum Replies Last Post
Cannot copy file: cannot read from the source file or disk - Gaston Technobabble 7 2012-03-15 01:48 PM
Downloading from multiple PCs - Stash Technobabble 1 2006-11-21 11:18 PM
winamp media file - kyhoops Technobabble 3 2006-11-20 06:04 PM
i need help makeing a video file(Windows Media Profile Editor help) - PearlJamMan Technobabble 0 2006-09-10 08:54 PM

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


All times are GMT -5. The time now is 12:16 PM.

Powered by: vBulletin, Copyright ©2000 - 2016, Jelsoft Enterprises Ltd.
Copyright ©2004 - , - All Rights Reserved - Hosted at QuickPacket
no new posts